Gpac Mp4box
By the Year
In 2026 there have been 6 vulnerabilities in Gpac Mp4box with an average score of 5.4 out of ten. Mp4box did not have any published security vulnerabilities last year. That is, 6 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 6 | 5.42 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 5.50 |
| 2023 | 15 | 7.60 |
| 2022 | 2 | 7.65 |
| 2021 | 3 | 7.50 |
It may take a day or so for new Mp4box vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Gpac Mp4box Security Vulnerabilities
GPAC MP4Box <=26.02.0 NULL Ptr Deref DoS via gf_filter_pid_resolve_file
CVE-2025-60477
5 - Medium
- June 03, 2026
A NULL pointer dereference in the gf_filter_pid_resolve_file_template_ex function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.
NULL Pointer Dereference
GPAC MP4Box v2.4 DoS via heap overflow in m2tsdmx_send_packet
CVE-2025-55664
5.5 - Medium
- June 01, 2026
A heap buffer overflow in the m2tsdmx_send_packet function (filters/dmx_m2ts.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Heap-based Buffer Overflow
GPAC MP4Box NULL Deref in gf_odf_ac4_cfg_dsi_v1 (26.02.0) DoS
CVE-2025-60481
5.5 - Medium
- June 01, 2026
A NULL pointer dereference in the gf_odf_ac4_cfg_dsi_v1 function (/odf/descriptors.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AC4 file.
NULL Pointer Dereference
GPAC MP4Box <26.02.0 Segfault in gf_isom_apple_set_tag_ex(DOS)
CVE-2025-60485
5.5 - Medium
- June 01, 2026
A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
NULL Pointer Dereference
GPAC MP4Box DoS via Heap UAF in dasher_process before 26.02.0
CVE-2025-60486
5.5 - Medium
- June 01, 2026
A heap use-after-free in the dasher_process function (/filters/dasher.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 file.
Dangling pointer
GPAC MP4Box <26.02.0 DoS via gf_media_get_color_info segfault
CVE-2025-60495
5.5 - Medium
- June 01, 2026
A segmentation violation in the gf_media_get_color_info function (/media_tools/isom_tools.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted data file.
NULL Pointer Dereference
GPAC MP4Box Null Ptr Deref in m2tsdmx_on_event (v 2.5-DEV)
CVE-2024-6063
5.5 - Medium
- June 17, 2024
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been classified as problematic. This affects the function m2tsdmx_on_event of the file src/filters/dmx_m2ts.c of the component MP4Box. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8767ed0a77c4b02287db3723e92c2169f67c85d5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-268791.
NULL Pointer Dereference
Buffer Overflow in GPAC MP4box 2.1 GF_HEVC_READ (av_parsers.c)
CVE-2022-47654
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8261
Classic Buffer Overflow
GPAC MP4Box Buffer Overflow in eac3_update_channels
CVE-2022-47653
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels function of media_tools/av_parsers.c:9113
Classic Buffer Overflow
GPAC MP4box Buffer Overflow in gf_hevc_read_sps_bs_internal (dev 2.1)
CVE-2022-47656
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273
Classic Buffer Overflow
GPAC MP4Box pre-2.1 buffer overflow in hevc_parse_vps_extension
CVE-2022-47657
7.8 - High
- January 05, 2023
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_extension of media_tools/av_parsers.c:7662
Classic Buffer Overflow
GPAC MP4Box 2.1-DEV Buffer Overflow in gf_hevc_read_vps_bs_internal
CVE-2022-47658
7.8 - High
- January 05, 2023
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039
Classic Buffer Overflow
GPAC MP4box 2.1-DEV Buffer Overflow in gf_bs_read_data
CVE-2022-47659
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data
Memory Corruption
GPAC MP4Box 2.1 integer overflow in isom_write.c
CVE-2022-47660
7.8 - High
- January 05, 2023
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 has an integer overflow in isomedia/isom_write.c
Integer Overflow or Wraparound
GPAC MP4Box 2.1-DEV Buffer Overflow in av_parsers.c
CVE-2022-47661
7.8 - High
- January 05, 2023
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes
Memory Corruption
GPAC MP4Box 2.1-DEV: stack overflow via infinite Media_GetSample recursion
CVE-2022-47662
5.5 - Medium
- January 05, 2023
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segmentation fault (stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662
Stack Exhaustion
Buffer Overflow in GPAC MP4box 2.1DEV h263dmx_process filter
CVE-2022-47663
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/reframe_h263.c:609
Classic Buffer Overflow
GPAC MP4box 2.1-DEV Buffer Overflow in hevc_parse_vps_extension
CVE-2022-47095
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c
Classic Buffer Overflow
Null Ptr Deref in GPAC MP4box 2.1 via m2tsdmx_declare_pid
CVE-2022-47094
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid
NULL Pointer Dereference
GPAC MP4Box <=2.1-DEV heap UAF via m2tsdmx_declare_pid
CVE-2022-47093
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid
Dangling pointer
Integer overflow in GPAC MP4Box 2.1-DEV: gf_hevc_read_sps_bs_internal
CVE-2022-47092
7.1 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains an integer overflow vulnerability in the gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8316
Integer Overflow or Wraparound
GPAC MP4Box 2.1-DEV Buffer Overflow in gf_vvc_read_sps_bs_internal
CVE-2022-47089
7.8 - High
- January 05, 2023
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via gf_vvc_read_sps_bs_internal function of media_tools/av_parsers.c
Classic Buffer Overflow
GPAC mp4box 2.1-DEV UAF in gf_isom_dovi_config_get
CVE-2022-36190
9.8 - Critical
- August 17, 2022
GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242.
Dangling pointer
In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769
CVE-2021-41458
5.5 - Medium
- June 16, 2022
In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability.
Memory Corruption
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXml
CVE-2021-41459
7.5 - High
- October 01, 2021
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability.
Memory Corruption
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter
CVE-2021-41456
7.5 - High
- October 01, 2021
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability.
Memory Corruption
There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing
CVE-2021-41457
7.5 - High
- October 01, 2021
There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability.
Memory Corruption